You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Nevin raised some potential concerns about security.
Mainly... we have read access on the database and all child pages.
If someone has access to the API key, they could view our full list of clients, their plugin version and other sensitive data.
Notion doesn't make it particularly easy to spin up multiple keys for one integration. You have to create one integration per site and attach that integration to the inventory database.
Possible solution:
Give the integration "write only" access.
Manually create a Notion DB row for the site
For each site, you provide the ID of the row that the site can write to.
The downsides of this method:
This is a bummer for tracking multiple environments per site. You'd have to create a row ID per site, per environment.
For multisite projects, you'd either have to create a row ID per site (and map site handle -> row). Or we would just write to a single row and store data about the sites in a new column
This isn't the worst... because the plugin and server data would be identical for all multi-sites anyway.
The text was updated successfully, but these errors were encountered:
Nevin raised some potential concerns about security.
Mainly... we have read access on the database and all child pages.
If someone has access to the API key, they could view our full list of clients, their plugin version and other sensitive data.
Notion doesn't make it particularly easy to spin up multiple keys for one integration. You have to create one integration per site and attach that integration to the inventory database.
Possible solution:
The downsides of this method:
The text was updated successfully, but these errors were encountered: